From: Nikos Mavrogiannopoulos Date: Sun, 11 Dec 2011 09:36:55 +0000 (+0100) Subject: Added gnutls_priority_get_cipher_suite(). X-Git-Tag: gnutls_3_0_9~14 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=272149db43bd82cbcde5ba366295e9810e5b7701;p=thirdparty%2Fgnutls.git Added gnutls_priority_get_cipher_suite(). This allows listing the ciphersuites enabled in a priority structure. The certtool -l option was overloaded so if combined with --priority it will only list the ciphersuites that are enabled by the given priority string. --- diff --git a/NEWS b/NEWS index d2d4bf3b6d..ee968cacdb 100644 --- a/NEWS +++ b/NEWS @@ -4,8 +4,15 @@ See the end for copying conditions. * Version 3.0.9 (unreleased) +** certtool: -l option was overloaded so if combined with --priority +it will only list the ciphersuites that are enabled by the given +priority string. + ** libgnutls: Added the SECP192R1 curve. +** libgnutls: Added gnutls_priority_get_cipher_suite() to +allow listing the ciphersuites enabled in a priority structure. + ** libgnutls: Optimizations in the elliptic curve code (timing attacks resistant code is only used in ECDSA private key operations). @@ -13,7 +20,7 @@ attacks resistant code is only used in ECDSA private key operations). now added again in the distribution. ** API and ABI modifications: -No changes since last version. +gnutls_priority_get_cipher_suite: Added * Version 3.0.8 (released 2011-11-12) diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 6fc29df06e..bdffef7131 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -737,7 +737,7 @@ const gnutls_cipher_suite_entry * ce; **/ const char * gnutls_cipher_suite_info (size_t idx, - char *cs_id, + unsigned char *cs_id, gnutls_kx_algorithm_t * kx, gnutls_cipher_algorithm_t * cipher, gnutls_mac_algorithm_t * mac, @@ -821,3 +821,59 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, return ret_count; } +/** + * gnutls_priority_get_cipher_suite: + * @pcache: is a #gnutls_prioritity_t structure. + * @idx: is an index number + * @name: Will point to the ciphersuite name + * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value + * + * Provides ciphersuite information. The index provided is an internal + * index kept at the priorities structure. It might be that a valid index + * does not correspond to a ciphersuite and in that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE + * will be returned. Once the last available index is crossed then + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. + * + * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise. + **/ +int +gnutls_priority_get_cipher_suite (gnutls_priority_t pcache, int idx, const char** name, unsigned char cs_id[2]) +{ +int mac_idx, cipher_idx, kx_idx; +int total = pcache->mac.algorithms * pcache->cipher.algorithms * pcache->kx.algorithms; +const gnutls_cipher_suite_entry * ce; + + if (idx >= total) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + + mac_idx = idx % pcache->mac.algorithms; + + idx /= pcache->mac.algorithms; + cipher_idx = idx % pcache->cipher.algorithms; + + idx /= pcache->cipher.algorithms; + kx_idx = idx % pcache->kx.algorithms; + + ce = cipher_suite_get(pcache->kx.priority[kx_idx], pcache->cipher.priority[cipher_idx], + pcache->mac.priority[mac_idx]); + + if (ce == NULL) + { + *name = NULL; + memset(cs_id, 0, 2); + } + else + { + *name = ce->name; + memcpy(cs_id, ce->id.suite, 2); + } + + if (*name == NULL) + { + *name = "(no corresponding ciphersuite)"; + return GNUTLS_E_UNKNOWN_CIPHER_SUITE; + } + + return 0; +} + diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index ed744844f3..5b5fa583fc 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -803,7 +803,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); const gnutls_pk_algorithm_t *gnutls_pk_list (void); const gnutls_sign_algorithm_t *gnutls_sign_list (void); const char *gnutls_cipher_suite_info (size_t idx, - char *cs_id, + unsigned char *cs_id, gnutls_kx_algorithm_t * kx, gnutls_cipher_algorithm_t * cipher, gnutls_mac_algorithm_t * mac, @@ -909,6 +909,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); int gnutls_priority_init (gnutls_priority_t * priority_cache, const char *priorities, const char **err_pos); void gnutls_priority_deinit (gnutls_priority_t priority_cache); + int gnutls_priority_get_cipher_suite (gnutls_priority_t pcache, int idx, const char** name, unsigned char cs_id[2]); int gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority); diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 807c94ec6c..0abb8009a6 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -725,6 +725,7 @@ GNUTLS_3_0_0 { gnutls_srp_4096_group_generator; gnutls_srp_4096_group_prime; gnutls_x509_privkey_verify_params; + gnutls_priority_get_cipher_suite; } GNUTLS_2_12; GNUTLS_PRIVATE { diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 8959237a94..dd84b9a2ae 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -160,7 +160,7 @@ void gaa_help(void) __gaa_helpsingle(0, "benchmark-ciphers", "", "Benchmark individual ciphers."); __gaa_helpsingle(0, "benchmark-soft-ciphers", "", "Benchmark individual software ciphers."); __gaa_helpsingle(0, "benchmark-tls", "", "Benchmark ciphers and key exchange methods in TLS."); - __gaa_helpsingle('l', "list", "", "Print a list of the supported algorithms and modes."); + __gaa_helpsingle('l', "list", "", "Print a list of the supported algorithms and modes. If a priority string is given then only the ciphersuites enabled by the priority are shown."); __gaa_helpsingle('h', "help", "", "prints this help"); __gaa_helpsingle('v', "version", "", "prints the program's version number"); @@ -793,7 +793,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_list: OK = 0; #line 106 "cli.gaa" -{ print_list(gaaval->verbose); exit(0); ;}; +{ print_list(gaaval->priorities, gaaval->verbose); exit(0); ;}; return GAA_OK; break; diff --git a/src/cli.gaa b/src/cli.gaa index b06d336174..c29fbb8605 100644 --- a/src/cli.gaa +++ b/src/cli.gaa @@ -103,7 +103,7 @@ option ( benchmark-ciphers) { benchmark_cipher(1, $debug); exit(0) } "Benchmark option ( benchmark-soft-ciphers) { benchmark_cipher(0, $debug); exit(0) } "Benchmark individual software ciphers." option ( benchmark-tls) { benchmark_tls($debug); exit(0) } "Benchmark ciphers and key exchange methods in TLS." -option (l, list) { print_list($verbose); exit(0); } "Print a list of the supported algorithms and modes." +option (l, list) { print_list($priorities, $verbose); exit(0); } "Print a list of the supported algorithms and modes. If a priority string is given then only the ciphersuites enabled by the priority are shown." option (h, help) { gaa_help(); exit(0); } "prints this help" option (v, version) { cli_version(); exit(0); } "prints the program's version number" diff --git a/src/common.c b/src/common.c index 95c40504e9..0cfc0aa0c6 100644 --- a/src/common.c +++ b/src/common.c @@ -570,16 +570,41 @@ print_cert_info (gnutls_session_t session, const char *hostname, int insecure) } void -print_list (int verbose) +print_list (const char* priorities, int verbose) { - { size_t i; + int ret; const char *name; - char id[2]; + const char *err; + unsigned char id[2]; gnutls_kx_algorithm_t kx; gnutls_cipher_algorithm_t cipher; gnutls_mac_algorithm_t mac; gnutls_protocol_t version; + gnutls_priority_t pcache; + + if (priorities != NULL) + { + printf ("Cipher suites for %s\n", priorities); + + ret = gnutls_priority_init(&pcache, priorities, &err); + if (ret < 0) + { + fprintf (stderr, "Syntax error at: %s\n", err); + exit(1); + } + + for (i=0;;i++) + { + ret = gnutls_priority_get_cipher_suite(pcache, i, &name, id); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; + if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; + + printf ("%-50s\t0x%02x, 0x%02x\n", name, id[0], id[1]); + } + + return; + } printf ("Cipher suites:\n"); for (i = 0; (name = gnutls_cipher_suite_info @@ -594,7 +619,6 @@ print_list (int verbose) gnutls_kx_get_name (kx), gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); } - } { const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); diff --git a/src/common.h b/src/common.h index 5d0757ba4e..8658846bae 100644 --- a/src/common.h +++ b/src/common.h @@ -33,7 +33,7 @@ extern const char str_unknown[]; int print_info (gnutls_session_t state, const char *hostname, int insecure); void print_cert_info (gnutls_session_t state, const char *hostname, int insecure); -void print_list (int verbose); +void print_list (const char* priorities, int verbose); const char *raw_to_string (const unsigned char *raw, size_t raw_size); int service_to_port (const char *service); diff --git a/src/serv-gaa.c b/src/serv-gaa.c index 2d1baaa2ef..d903c8e9a3 100644 --- a/src/serv-gaa.c +++ b/src/serv-gaa.c @@ -807,7 +807,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) case GAAOPTID_list: OK = 0; #line 103 "serv.gaa" -{ print_list(0); exit(0); ;}; +{ print_list(gaaval->priorities, 0); exit(0); ;}; return GAA_OK; break; diff --git a/src/serv.gaa b/src/serv.gaa index c4427ae54c..97ba2ce91f 100644 --- a/src/serv.gaa +++ b/src/serv.gaa @@ -100,7 +100,7 @@ option (srppasswdconf) STR "FILE" { $srp_passwd_conf = $1 } "SRP password conf f #char *priorities; option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities string." -option (l, list) { print_list(0); exit(0); } "Print a list of the supported algorithms and modes." +option (l, list) { print_list($priorities, 0); exit(0); } "Print a list of the supported algorithms and modes." option (h, help) { gaa_help(); exit(0); } "prints this help" option (v, version) { serv_version(); exit(0); } "prints the program's version number"